News |

Action: postie_register_shortcode_pre

March 25, 2020

This action is called just before postie_post_before.

You use this action to register any Postie specific shortcodes.

<?php 
function my_postie_register_shortcode_pre() {
    //register any Postie shortcodes
    add_shortcode('myshortcode', 'my_shortcode');
}

add_action('postie_register_shortcode_pre', 'my_postie_register_shortcode_pre');

// works like a standard shortcode
function my_shortcode($att, $content = null) {
    global $postie_post; // the current post
    return '<p>My shortcode</p>';
}
?>

March 23, 2020

refactoring to separate email fetch from email processing
add postie_register_shortcode_pre action for registering Postie shortcodes

February 18, 2020

Begin migration of shortcode support into Postie main

February 18, 2020

Fix: signature stripping in html emails was failing sometimes

February 16, 2020

Assigns categories to email attachments when uploaded to the media library.

See Category for Media AddOn

February 1, 2020

Fix: different regex approach for html vs plain
Only process 1 email at a time

Postie Reinstated to the WordPress repository

January 18, 2020

After discussions with the WordPress security team the published exploit was not deemed significant enough to warrant Postie being suspended and was reinstated without any code changes required.

Postie Suspended from the WordPress repository

January 8, 2020

UPDATE Jan 18, 2020 Postie has been reinstated!

I was notified today that Postie has been suspended from the WordPress plugin repository

Your plugin has had to be temporarily withdrawn from the WordPress.org Plugin Directory due to an exploit.

The exploit is that if someone knows your secret Postie email address and knows the email address of an authorized poster and they forge the email headers and your email server lets the forged headers through then they could post something.

There is also an example exploit documented to inject some javascript if the attacker knows all of the above.

You can read the gory details at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20203

Impact

There is little impact if you don’t publicize your secret Postie email address and the email addresses of those users allowed to post.

Resolution

I am actively looking into validating received emails via SPF and DKIM which are the same mechanisms email hosts use for verifying emails. This validation will likely affect some users so I will include an option for turning it off.

I do not know the exact timing yet, but I expect this will get resolved in the next couple of weeks and Postie will be restored to the WordPress plugin repository.

1.9.40 Released

November 13, 2019

Fix issue with class-oembed.php upgrade

1.9.39 Released

November 12, 2019

Add Site Health checks
PHP 7.3 compatibility
Fix bug where if Remove matched categories is No then the default category is always set.
Address deprecated file class-oembed.php

Page 3 of 28

« 1 2 3 4 5 … 28 »

Action: postie_register_shortcode_pre

March 25, 2020

1.9.44 Released

March 23, 2020

1.9.43 Released

February 18, 2020

1.9.42 Released

February 18, 2020

New AddOn: Category for Media

February 16, 2020

1.9.41 Released

February 1, 2020

Postie Reinstated to the WordPress repository

January 18, 2020

Postie Suspended from the WordPress repository

January 8, 2020

Impact

Resolution

1.9.40 Released

November 13, 2019

1.9.39 Released

November 12, 2019